Hi

I am getting the "prgn not seeded" message on a Solaris 7 Ultra 10 when I create 
non-dummy certificates.  I don't really know if openssl is the party causing the 
problem, but any help is appreciated.

Information ....

Trying the latest development snapshot of openssl ...

baiba2# openssl version -a
OpenSSL 0.9.6-dev 28 Feb 2000
built on: Thu Mar  2 12:08:08 EST 2000
platform: solaris-sparcv9-gcc
options:  bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) 
blowfis
h(ptr)
compiler: gcc -DTHREADS -D_REENTRANT -DRSAref -fPIC -mcpu=ultrasparc -O3 
-fomit-fr
ame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM


Problem generating a test certificate ....

make certificate TYPE=test

make certificate TYPE=test
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.

Generating test certificate signed by Snake Oil CA [TEST]
WARNING: Do not use this for real-life/production systems
______________________________________________________________________

STEP 0: Decide the signature algorithm used for certificate
The generated X.509 CA certificate can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:
______________________________________________________________________

STEP 1: Generating RSA private key (1024 bit) [server.key]
1450 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
..........................++++++
..........++++++
e is 65537 (0x10001)
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request [server.csr]
Using configuration from .mkcert.cfg
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name             (2 letter code) [XY]:
2. State or Province Name   (full name)     [Snake Desert]:
3. Locality Name            (eg, city)      [Snake Town]:
4. Organization Name        (eg, company)   [Snake Oil, Ltd]:
5. Organizational Unit Name (eg, section)   [Webserver Team]:
6. Common Name              (eg, FQDN)      [www.snakeoil.dom]:
7. Email Address            (eg, name@FQDN) [[EMAIL PROTECTED]]:

8. Certificate Validity     (days)          [365]:______________________________
________________________________________


STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]:
Signature ok
subject=/C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Webserver Team/CN
[EMAIL PROTECTED]
Getting CA Private Key
Verify: matching certificate & key modulus
read RSA key
Verify: matching certificate signature
../conf/ssl.crt/server.crt: OK
______________________________________________________________________

STEP 4: Enrypting RSA private key with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]:
read RSA key
writing RSA key
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
unable to write key
13617:error:24064064:random number generator:SSLEAY_RAND_BYTES:prng not seeded:m
d_rand.c:483:
mkcert.sh:Error: Failed to encrypt RSA private key
*** Error code 1
make: Fatal error: Command failed for target `certificate'
Current working directory /usr3/apache_1.3.12/src
*** Error code 1
make: Fatal error: Command failed for target `certificate'

...........................

The only two "strange to me" items I noticed in the assembly and tests:

Warning in the assembly of the openssl code:

gcc -I../crypto -I../include -DTHREADS -D_REENTRANT -DRSAref -fPIC 
-mcpu=ultraspar
c -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM  
-c
 ssl_ciph.c
ssl_ciph.c: In function `ssl_cipher_process_rulestr':
ssl_ciph.c:558: warning: `found' might be used uninitialized in this function

...........................

Messages in openssl encryption testing:

./rsa_test
PKCS #1 v1.5 encryption/decryption ok
No OAEP support
PKCS #1 v1.5 encryption/decryption ok
No OAEP support
PKCS #1 v1.5 encryption/decryption ok
No OAEP support

Mike Buckley

[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to